Every time our website is accessed, our system automatically records data and information from the computer system of the
accessing computer.
The following data are thereby collected:
(1) information on the browser type and version used
(2) user’s operating system
(3) user’s Internet service provider
(4) user’s IP address
(5) date and time of access
(6) websites from which the user’s system gains access to our website
(7) websites accessed from user’s system via our website

The data are stored in the log files of our system. Based on the IP address, we can allocate to the user those payment options available
in his/her country if he/she orders paid services. We moreover have the possibility of detecting cases of attempted fraud.
Additionally, the system temporarily stores the IP address of each user for the purpose of delivering the website to the user’s computer.
The data are stored in access logs for a period of 7 days.
For the purpose of preventing fraud, IP addresses are stored until the contract has been terminated.
The legal basis for data processing is provided by Article 6(1)(f) of the General Data Protection Regulation (GDPR). We have
a legitimate interest in data processing in the cases specified here.

IV. Use of cookies

We use cookies on our website. These are small files which are created by your browser automatically and which are stored on your
terminal device (laptop, tablet, smart phone, or similar) when you visit our website. Cookies do not damage your terminal device,
do not contain any viruses, Trojans or other malware.
A cookie stores information resulting in each case in connection with the specifically used terminal device. However, that does not
mean that we thereby directly obtain knowledge of your identity. The use of cookies thus on the one hand serves to make it more
convenient for you to use our offering. For example, we use what are referred to as session cookies to detect that you have already
visited specific pages of our website. These are deleted automatically after you leave our site.
We also use temporary cookies, stored for a specifically defined period on your terminal device, to optimise user-friendliness. If you
visit our site again to use our services, it is automatically detected that you were already on our site, and which data were entered and
what settings were made by you. That way you don’t have to enter such data again. Information is also stored to identify what are
referred to as webmasters. A webmaster is the operator of a website who has placed an advertisement on its website referring that website.
By clicking on this ad, users can gain access to our website. The information identifying the webmaster is provided so that it can be
allocated a fee.
On the other hand, we use cookies to statistically record the use of our website and to evaluate such use to optimise our offering and
improve the visitor experience for you (see V.). These cookies enable us to detect automatically, when you visit our site again, that
you had already visited our site. These cookies are automatically deleted after a specifically defined period of time of 50 months
maximum.
The data processed by cookies are required for the aforementioned purposes of safeguarding our legitimate interests as well as those
of third parties pursuant to the first sentence of Article 6(1)(f) GDPR. Most browsers accept cookies automatically. However, you may
configure your browser in such a way that no cookies are stored on your computer or that a notice is always displayed before a new
cookie is created. But completely deactivating cookies may mean that you cannot use all functions of our website.

V. Google Analytics

The basis for performing the tracking measures with Google Analytics is provided by the first sentence of Article 6(1)(f) GDPR. With the
tracking measures used we want to ensure that our website is designed to meet the needs of users and optimised on a continuous basis. We
moreover use the tracking measures to statistically record the use of our website and to evaluate such use to optimise our offering for
you. Such interests are to be deemed legitimate within the meaning of the aforementioned provision.
For the purpose of ensuring that our website is designed to meet the needs of users and optimised on a continuous basis, we use Google
Analytics, a website analysis service of Google Ireland Limited https://www.google.de/intl/de/about/ (Gordon House, Barrow Street, Dublin
4, Ireland; hereinafter „Google“) as well as the extension Google Optimize. In this context, pseudonymised user profiles are created
and cookies are used (see IV. below).
The information generated by the cookie on your use of this website, such as
• browser type/version,
• operating system used
• referrer URL (the previously visited site),
• host name of accessing computer (IP address),
• time of server request,
is transmitted to a Google server in the USA and stored there. The information is used to analyse your use of the website, to compile
reports on website activities and to render other services related to the use of the website and of the Internet in general for purposes
of market research and designing such websites to meet the needs of users. Where applicable, such information is also transmitted to third
parties to the extent prescribed by law and to the extent third parties process such data on behalf of a controller. Under no
circumstances will your IP address be linked with other Google data. Since the IP addresses are anonymised, no identification is possible
(IP masking).
You may prevent the installation of cookies by configuring your browser software accordingly; however, please note that in this case it
may not be possible to make full use of all functions of this website. In addition, you may prevent collection of the data generated by
the cookie and related to your use of the website (incl. your IP address) as well as processing of such data by Google by downloading and
installing a browser add-on https://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser add-on, particularly in the case of browsers on mobile terminal devices, you can also prevent Google
Analytics from collecting data by clicking on deactivate Google Analytics. An opt-out cookie preventing your data from being recorded in
future when you visit the website is set. The opt-out cookie applies only in this browser and only for our website, and is stored on your
device. If you delete the cookies in this browser, you must set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found e.g. on the Google Analytics help site at https://support.google.com/analytics/answer/6004245?hl=de.

This website uses overheat.de, a web analysis tool of the company overheat UG (with limited liability) having its registered office
at Stürzenberger Weg 30, 51766 Engelskirchen, Germany. With this tool, interactions of randomly selected individual users with the
website are recorded in anonymised form. This results in the creation of a log, e.g. of mouse movements and clicks, with the aim of
finding ways to improve the respective website. Moreover, information on the operating system, browser, inbound and outbound references
(links), geographical origin, as well as resolution and device type, is evaluated for statistical purposes. Such information is not
personal and is not disclosed by overheat.de to third parties. If you do not wish information to be recorded, you can deactivate such
recording on all websites using overheat by setting the DoNotTrack header in your browser. For further information in this regard, you
can visit the following site: http://overheat.de/opt-out.html

VIII. Social media plug-ins

On our website we use social plug-ins of the social networks Facebook, Instagram, Snapchat and Twitter to make our company better known
through them. The basis for this is provided by the first sentence of Article 6(1)(f) GDPR. The advertising purpose pursued thereby is
to be qualified as a legitimate interest within the meaning of the GDPR. Responsibility for operation in accordance with data protection
provisions is to be ensured by the respective provider.
We embed these plug-ins using what is referred to as the two-click method so as to provide visitors to our website with the best possible
protection.

1. Facebook

Social media plug-ins of Facebook are used on our website to make their use more personal. For this purpose we use the “LIKE” or
“SHARE” button. This is an offering of Facebook.
When you access a page of our website that contains such a plug-in, your browser establishes a direct link to the servers of Facebook.
The content of the plug-in will be transmitted from Facebook directly to your browser, which will embed it into the web page. Through
this embedding of the plug-in, Facebook is provided with the information that your browser has accessed the respective page of our
website, even if you do not have a Facebook profile or are not logged in to Facebook at the time. This information (including your IP
address) will be transmitted directly to a Facebook server in the USA by your browser, and will be stored there.
If you are logged in to Facebook, Facebook may directly allocate the visit to our website to your Facebook account. If you interact
with the plug-ins, e.g. click the "LIKE" or "SHARE" button, this information will likewise be transmitted directly to a Facebook server
and be stored there. The information will also be published on Facebook and displayed to your Facebook friends. Facebook may use this
information for the purpose of advertising, market research and designing the Facebook sites to meet the needs of users. For this
purpose, user, interest and relationship profiles are created by Facebook, e.g. to evaluate your use of our website with respect to
the ads displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide additional
services associated with the use of Facebook.
If you do not wish Facebook to allocate the data collected through our website to your Facebook account you must log out of Facebook
before you access our website.
For details on the purpose and scope of the data collection and further processing and use of the data by Facebook and users' rights
and configuration options to protect their privacy, users are advised to refer to the privacy information of Facebook at
https://www.facebook.com/about/privacy/

2. Instagram

On our website, social plug-ins (“plug-ins”) of Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025,
USA (“Instagram”) are also used.
The plug-ins are designated with an Instagram logo, e.g. in form of an Instagram camera. When you access a page of our website
containing such a plug-in, your browser will establish a direct connection to the servers of Instagram. The content of the plug-in will
be transmitted from Instagram directly to your browser, which will embed it into the web page. Through this embedding, Instagram is
provided with the information that your browser has accessed the respective page of our website, even if you do not have an Instagram
profile or are not logged in to Instagram at the time.
This information (including your IP address) will be transmitted directly to an Instagram server in the USA by your browser, and will
be stored there. If you are logged in to Instagram, Instagram may directly allocate the visit to our website to your Instagram account.
If you interact with the plug-ins, e.g. click the "Instagram" button, this information will likewise be transmitted directly to
an Instagram server and be stored there. This information will also be published in your Instagram account and be displayed alongside
your contacts.
If you do not wish Instagram to allocate the data collected through our website directly to your Instagram account you must log out
of Instagram before you access our website.
Further information in this regard can be found in the privacy policy of Instagram at https://help.instagram.com/155833707900388.

3. Twitter

Plug-ins of the short messaging network of Twitter Inc. (Twitter) are embedded on our website pages. You can recognise the Twitter
plug-ins (tweet button) by the Twitter logo on our site. You can find an overview of the tweet buttons at
https://about.twitter.com/resources/buttons.
When you access a page of our website containing such a plug-in, a direct connection is established between your browser and the
Twitter server. Twitter is thereby provided with the information that you have visited our website with your IP address. If you click
on the Twitter “tweet button” while logged on to your Twitter account, you can link the content of our pages on your Twitter profile.
That enables Twitter to allocate the visit to our pages to your user account. We point out that as provider of the website pages we
do not obtain any knowledge of the data transmitted and their use by Twitter.
If you do not wish Twitter to be able to allocate the visit to our website pages, please log out of your Twitter user account.
Further information on this can be found in the privacy policy of Twitter at https://twitter.com/privacy.

4. Snapchat

Social media plug-ins of Snapchat are used on our website. This is an offering of Snapchap.
When you access a page of our website containing such a plug-in, your browser establishes a direct link to the servers of Snapchat.
The content of the plug-in will be transmitted from Snapchat directly to your browser, which will embed it into the web page.
By imbedding of the plug-ins, Snapchat receives the information that your browser has accessed the respective web page of our website.
This information (including your IP address) will be transmitted directly to a Snapchat server in the USA by your browser, and will be
stored there. Further information on this can be found in the privacy policy of Snapchat at
https://www.snap.com/de-DE/privacy/privacy-policy/.

IX. Social sign-in

We offer you the possibility of registering or logging onto the social networks Facebook and Google with us directly with your existing
profile. You may use this function on a voluntary basis by clicking on the button of the respective social network in the window
“register for free” or “log-in”.
The legal basis for this is provided by the first sentence of Article 6(1)(f) GDPR. The purpose, which at the same time constitutes our
legitimate interest, is to provide users with a convenient way of registering or log-in. Responsibility for operation in accordance
with data protection provisions is to be ensured by the respective social network.
If you do not wish your data to be transmitted from our website in the context of the registration or log-in to a social network,
do not use the buttons of the social network in the window “register for free” or “log-in”.

1. Sign-in with Facebook

We use the function “Facebook Connect” provided by Facebook. If you wish to use this function, you will first be directed to Facebook.
There you will be requested to log on with your user name and password. We of course do not gain any knowledge of your log-in data.
If you are already logged on to Facebook, this step is skipped. After that, Facebook informs you which data are transmitted to us. You
then confirm this with the “OK” button. With the data transmitted, we create your customer account. You can find detailed information
on the data in your customer account under X. Beyond that, no permanent link between your customer account and your account with
Facebook is established.
Your browser establishes a direct link with the servers of Facebook. Facebook is provided with the information that your browser has
accessed the respective page of our website, even if you do not have a Facebook account or are not logged in to Facebook at the time.
This information (including your IP address) will be transmitted directly to a Facebook server in the USA by your browser, and will be
stored there.
If you are logged in to Facebook, Facebook may directly allocate the visit to our website to your Facebook account.
For details on the purpose and scope of the data collection and further processing and use of the data by Facebook and users' rights
and configuration options to protect their privacy, users are advised to refer to the privacy information of Facebook
at https://www.facebook.com/about/privacy/.

2. Sign-in with Google

We also use the function “Google+ Sign In” provided by Google. If you wish to use this function, you will first be directed to Google.
There you will be requested to log on with your user name and password. We of course do not gain any knowledge of your log-in data.
If you are already logged on to Google, this step is skipped. After that, Google informs you which data are transmitted to us. You then
confirm this with the “Accept” button. In addition, you may indicate whether and with what groups you wish to share your registration
with us. With the data transmitted we create your user profile, but of course do not store your list of contacts in your groups.
You can find detailed information on the data in your customer account under X. No permanent link between your customer account
and your account with Google is established.
Your browser establishes a direct link with the servers of Google. Google is provided with the information that your browser has
accessed the respective page of our website, even if you do not have a Google account or are not logged in to Facebook at the time.
This information (including your IP address) will be transmitted directly to a Google server in the USA by your browser, and will be
stored there. If you are logged in to Google, Google may directly allocate the visit to our website to your Google account.
For details on the purpose and scope of the data collection and further processing and use of the data by Google and users' rights
and configuration options to protect their privacy, users are advised to refer to the privacy information of Google
at https://policies.google.com/privacy?hl=de.

X. Registration and use of our offering

a) Basic data

On our website we offer users the possibility of registering with their personal data. In this case, the data are entered into an input
mask, transmitted to us and stored. The following data are processed in the registration process on the legal basis of processing for
the performance of a contract or in order to take steps prior to entering into a contract (Article 6(1)(b)) GDPR) and are deleted at
the end of the contractual relationship with you giving due regard to the statutory retention periods, unless otherwise stated
hereinafter at the time of the deletion:

-

Name, address, date of birth, AVS/ID card data

These data are used to identify you as a contractual partner. The date of birth and proof thereof are also important to ensure that
services intended exclusively to persons of full legal age are provided only to such persons. Data collection for verifying full legal
age is required to meet our legal obligations (Article 6(1)(c)) GDPR).

The e-mail address and its verification as well as the landline / mobile phone number and their verification are required to ensure
contact with you in the context of performance of the contract and for the purpose of preventing fraud. All contact data specified
serve to transmit contractual information including dunning in the case of payment default. These data are likewise collected for
processing for the performance of a contract or in order to take steps prior to entering into a contract (Article 6(1)(b)) GDPR).
The e-mail address is also used for the purpose of performing advertising measures on the legal basis of Article 6(1)(a)) GDPR based
on your consent given voluntarily on commencement of the registration procedure. You may receive advertisement for products/websites of
our company as well as for products/websites of EDEV Media AG.
You may also yourself make detailed settings for desired e-mail notifications or deactivate them, as well as unsubscribe from
the newsletter or once again request to receive them. Moreover, you can decide on the option of a text notification being sent to
your mobile phone number when the favourites selected by you are online. The buttons provided for this purpose are clearly recognisable
in your personal log-in area.

Consent
“I hereby consent to data processing of my e-mail address for the purpose of the sending the newsletter as well as the sending of
advertisement for your products/websites and products/websites of EDEV Media AG, and to the processing of my e-mail address and mobile
phone number for the purpose of notifications by e-mail and text messages by clicking on the buttons provided for this purpose. I hereby
consent to such data being transmitted to service providers that have been instructed with activities required for performing the desired
notifications.”
You can exercise your right to withdraw your consent at any time with effect for the future by terminating the selected notification
functions by means of the buttons provided for such purpose. These buttons are clearly recognisable in your user account. Alternatively,
you may declare your withdrawal of consent at any time for the future. Such notice of revocation must be directed to our Data Protection
Officer by post at the above address of the controller adding the suffix “Data Protection Officer” or by e-mail
at datenschutzbeauftragter@visit-x.net. This does
not give rise to any costs for you. You will find information on your rights in XIV.

-

Banking data / credit card data

Banking data / credit card data are also collected for performance of your payment obligation under the contract in accordance with
the selection made by you and the option of convenient loading on the legal basis of Article 6(1)(b)) GDPR.
To prevent charge-backs and attempted fraud through use of publicly accessible banking data, we compare your banking data (only IBAN
and BIC or account number and bank routing code, no personal details) with the Return-debit Prevention Pool (RPP) of infoscore
Consumer Data GmbH (ICD), Rheinstr. 99, 76532 Baden-Baden, Germany. In the RPP non-personal data on charge-backs due to lack of coverage,
and so-called non-consumer accounts (e.g. donation accounts and other publicly accessible banking particulars), are stored. The RPP has
the function of a blocking file. This data comparison is performed on the legal basis of Article 6(1)(f)) GDPR. Our legitimate interest
lies in avoiding charge-backs or payment defaults and preventing attempted fraud.

-

Data in your user account about your purchases, your top-ups with time stamp (incl.
failed transactions), via VIP-Abo / Premium TV with date of ordering of such services and the mode of payment, chats with time
stamp and duration of chat, messages written and received

These data are likewise processed for processing for performance of your contract (Article 6(1)(b)) GDPR), particularly for the
purpose of contractual invoicing to you. The data are deleted as soon as this purpose is fulfilled.

-

Profile name and password

In order for you to use our system, it is necessary to collect your profile name and your password. The basis for this is likewise
the performance of your contract (Article 6(1)(b)) GDPR). The profile name also serves as your pseudonym in your voluntary communication
with other users within our system. Our system does not provide other users with information on which person is behind a pseudonym.

b) Data in the context of registration process and log-in

The following data are collected in the registration process or subsequent log-in on the legal basis of Article 6(1)(f)) GDPR:

The purpose of and our interest in collecting the data are the technical optimisation of our website and making improvements to our
products, as well as conducting investigations in cases of fraud adversely affecting us, and in identifying the payment methods
applicable at the customer’s location.

c) Photos and chats

You may upload profile photos or other photos on a voluntary basis and delete the same again. These images are visible for users who
access your profile. They serve the purpose of personalising your image. Use of the photos by us for other purposes is excluded.
For processing these data, your voluntary consent pursuant to Article 6(1)(a)) GDPR is required. If on the basis of these photos
any conclusions are possible as regards your sex life or your sexual orientation, your voluntary consent is given pursuant to
Article 9(2)(a)) GDPR.

Consent
“I hereby consent to data processing of my uploaded profile photo and other uploaded photos. I consent to such data processing also
in the case where such photos allow for conclusions as regards my sexual orientation or my sex life. I hereby consent to such data being
transmitted to service providers that have been instructed with activities required for providing the contractually agreed services.
This includes storing, saving and keeping available my data as well as the related services and Internet access.”
You can exercise your right to withdraw your consent at any time with effect for the future by deleting one, several or all pictures
without giving any reasons for such withdrawal. The functions provided for this purpose are clearly recognisable in your user account.
Alternatively, you may declare your withdrawal of consent at any time for the future. Such notice of withdrawal must be directed to our
Data Protection Officer by post at the above address of the controller adding the suffix “Data Protection Officer” or by e-mail
at datenschutzbeauftragter@visit-x.net. You will
find information on your rights in XIV.

Data from chat transcriptions, your name, your e-mail address, banking details, credit card data and interactions are analysed in
accordance with Article 6(1)(f) GDPR to protect us from misuse of our platform, from immoral behaviour and in particular from fraud.
We have a legitimate interest in such purposes. These data, with the exception of the banking details and the credit card data, also
serve the purpose of handling complaints or legal claims of other users based on alleged unlawful behaviour. If on the basis of the
chat transcripts any conclusions are possible as regards your sex life or your sexual orientation, data processing is performed
exclusively on the legal basis of Article 9(2)(f)) GDPR for establishment, exercise or defence of legal claims. The data are then
deleted as soon as a case of fraud can be excluded in the specific case and/or a complaint / a legal claim has been conclusively
processed.

e) Profile properties

You may voluntarily store your profile properties such as your gender, your date of birth, your location and your gender-specific
search information as well as your preferences, your properties and a selection of desired services, and create “about you” texts.
These details are made accessible to your chat partners to give them the opportunity to fulfil your wishes. You may change the stated
profile properties at any time. They are kept preserved in your personal log-in area until the contractual relationship with
you ends.
For processing these data, your voluntary consent pursuant to Article 6(1)(a)) GDPR is required. If on the basis of your particulars any
conclusions are possible as regards your sex life or your sexual orientation, your voluntary consent is given pursuant to
Article 9(2)(a)) GDPR.

Consent
“I hereby consent to data processing of my particulars on my profile properties such as my gender, my date of birth, my location
and my gender-specific search information as well as my selection of desired services and my “about you” texts, and to such particulars
being made accessible to my chat partners. I consent to such data processing also in the case where such particulars allow for
conclusions as regards my sexual orientation or my sex life, my religious beliefs and my ethnic origin. I hereby consent to such data
being transmitted to service providers that have been instructed with activities required for providing the contractually agreed
services to me. This includes storing, saving and keeping available my data as well as the related services and Internet access.”
You can exercise your right to withdraw your consent at any time with effect for the future by deleting the particulars from your
user account without giving any reasons for such withdrawal. The functions provided for this purpose are clearly recognisable in your
user account. Alternatively, you may declare your withdrawal of consent at any time for the future. You may send your withdrawal by
e-mail to datenschutzbeauftragter@visit-x.net. You
will find information on your rights in XIV.

f) Interactions

We analyse your interactions resulting from your use of our service, e.g. which chat partners you choose, what ratings you give and
which profiles you access, so that with the help of such data analysis we can provide you with the recommendations suited to you for
using our services. These offerings appear in your personal log-in area. The legal basis for this is provided by Article 6(1)(f)) GDPR.
Our legitimate interest lies in being enabled to optimise our services provided to you to meet your personal needs so as to achieve
a greater use of our services. Such analysis data are deleted when the contractual relationship to you is ended.

g) Correspondence content

If you correspond with us, we collect data on the content of such correspondence. Where the purpose of the correspondence is
performance of the contract, the data are collected on the legal basis of Article 6(1)(b)) GDPR. If the correspondence is for
a different purpose, the data are processed pursuant to Article 6(1)(a)) GDPR. The purpose of processing the data and our legitimate
interest in such processing is to properly handle the concerns of our customers. The data are then deleted once the purpose of
the correspondence has been achieved.

h) SMS data

As a user of our TV channel, you have the possibility of sending an SMS (short text message) whose content is inserted into
the TV programme. The SMS data are processed for this purpose and then deleted. The legal basis for this data processing is the
performance of the contract entered into with you (Article 6(1)(b)) GDPR).

i) Telephone data for telephone services

When using the service “Telephone carousel” or a 0900 number, your telephone number is processed in order to invoice such services
to you. Such data processing is for the purpose of performing the contract on the legal basis of Article 6(1)(b)) GDPR. Once the
invoicing procedure has been successfully completed, the data are deleted.
For the purpose of preventing fraud, phone number lists are kept available within the telephone system. The legal basis for this is
provided by Article 6(1)(f) GDPR. The purpose of processing the data establishes our legitimate interest.

j) Use of media library

With the use of our media library you have the possibility of sending an e-mail with a video clip from the media library to
an e-mail address which you have entered. To enable use of this function, such e-mail address is transmitted to a service provider.
The legal basis for this is provided by Article 6(1)(b)) GDPR.

k) Data that draw conclusions as regards your sexual orientation

On the basis of your selection and use of the products offered by us, it may be possible to draw conclusions as regards your sexual
orientation or your sex life, including on the basis of your profile details. Also on the basis of the chat transcripts which are
briefly stored for preventing fraud, it may likewise be possible to draw a conclusion as regards your sexual orientation or your sex
life. We are allowed to process such data only on the basis of your voluntary consent pursuant to Article 9(2)(a)) GDPR. If you do
not give such consent, it will not be possible for you to use our services.

Consent
“I hereby consent to the processing of data on the products selected and accessed by me attributable to me, as well as of data on chat
transcripts attributable to me, if such data allow for conclusions as regards my sexual orientation or my sex life. I hereby consent
to such data being transmitted to service providers that have been instructed with activities required for providing the contractually
agreed services. This includes storing, saving and keeping available my data as well as the related services and Internet access.”
You can exercise your right of withdrawal at any time without stating reasons and withdraw this declaration of consent with effect for
the future. Such notice of withdrawal must be directed to our Data Protection Officer by post at the above address of the controller
adding the suffix “Data Protection Officer” or by e-mail
at datenschutzbeauftragter@visit-x.net. You will
find information on your
rights in XIV.

XI. Disclosure of data

Your personal data will not be disclosed to third parties for purposes other than those specified hereinafter.
We disclose your personal data to third parties only if:
• you have given your express consent to this pursuant to the first sentence of Article 6(1)(a) GDPR,
• disclosure is required pursuant to the first sentence of Article 6(1)(f) GDPR for the establishment, exercise or defence of
legal claims and there is no reason to assume that you have an overriding, legitimate interest in non-disclosure of your data,
• a legal obligation for disclosure pursuant to the first sentence of Article 6(1)(c) GDPR exists, and
• this is legally permissible and pursuant to the first sentence of Article 6(1)(b) GDPR is required for the performance of
contractual relationships with you.

To the extent your personal data are disclosed to third parties for performing the contractual relationship, the data will be
disclosed to the following recipients / categories of recipients:
We have instructed service providers with storing, saving and keeping available of your data as well as with providing all related
services such as maintenance of the IT systems. We use service providers for all manner of services relating to Internet access,
telephony, SMS, Messenger services and e-mail. We disclose your personal data to financial services providers to receive your payment
for the remuneration of our services. We work together with providers of debt collection services and legal service providers when you
are in payment default.
We use the services of credit service agencies to verify whether you are able to meet your payment obligation under our contract
pursuant to Article 6(1)(f) GDPR. This purpose also establishes the legitimate interest in such data processing.
Moreover, we have engaged service providers that ensure an access and age verification of the users of our services, which are suitable
for purposes aged 18 and up, on the legal basis of Article 6(1)(c) GDPR in order to fulfil our legal obligation.

We transmit your information (name, address, and date of birth as applicable) for purposes of credit checks and for the acquisition of
information to assess the risk of default based on mathematical methods utilizing address data to infoscore Consumer Data GmbH, Rheinstr.
99, 76532 Baden-Baden. The legal bases for such transmissions are found in Article 6, paragraph 1, letter b and Article 6, paragraph 1,
letter f of the EU General Data Protection Regulation (“EU GDPR”). Information may be transmitted on the basis of these provisions only
insofar as doing so is necessary to safeguard the legitimate interests of our company or third parties and where this does not override
the data subject’s interests or fundamental rights and freedoms that require the protection of personal data. Detailed information on ICD
within the meaning of Article 14 of the EU GDPR, i.e., information on the business purpose, on the purposes for storing data, on the data
recipients, on the data subject’s right to obtain information, on the right to have information deleted or corrected, etc. can be found at
the following link: https://finance.arvato.com/icdinfoblatt.

If the disclosure of data constitutes contract processing, we have entered into a contract with the service providers for contract
processing and have complied with all other statutory requirements for contract processing. Our service providers are predominantly
based in the European Union, and furthermore in Switzerland and the USA. The level of data protection in Switzerland was considered by
the European Commission to be adequate and recorded in an adequacy decision. The adequacy decision is called 2000/518/EC:
Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate
protection of personal data provided in Switzerland (notified under document number C(2000) 2304); accessible
at https://eu.vlex.com/vid/gem-ischen-angemessenheit-personenbezogener-37729414. The service providers in
the USA have submitted
to the provisions of the EU – US Privacy Shield agreed between the USA and the European Union. The level of data protection
of companies in the USA having submitted to the requirements of the EU-US Privacy Shield is deemed to be adequate. The adequacy
decision of the EU Commission with regard to the EU-US Privacy Shield can be accessed under
this link: https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016D1250&from=DE

XII. Consent to Fraud Prevention and Fraud Detection

I hereby consent to this platform automatically checking whether there is any reason to suspect misuse of the platform by collecting,
processing and using
1) my ordering data (e.g., item purchased, name, mailing address, e-mail address, delivery address, payment method and bank account
data)
2) the user data on my visits to this platform (e.g., start time, end time, extent of the webpages visited as well as the click paths)
along with
3) a cookie (i.e., a small text file stored locally in the browser's cache) and/or a visitor ID that may contain anonymous control data
on the terminal used (e.g., my screen resolution or operating system version), which allow me to be recognized with a certain degree of
reliability when I return to the website based on the terminal I use,
for the purpose of securing my user account, the websites I visit and the services I use on the website against fraud (e.g. account
takeover, automated creation of fake user accounts by bots, the use of stolen identities or payment data or incorrect ratings for
services), or abuse (e.g. by technical attacks on the IT infrastructure, „Man-in-the-middle“-attacks, brute-force-attacks or the usage of
malware) or for product optimization and further development.
I also agree that the above data be transmitted from the platform to the Device Transaction Pool (DTP) and stored there. The purpose of
the DTP is to be an industry-wide alert service to protect member companies involved in the DTP against fraud and, as a result, bad debts,
which may arise in the provision of commercially provided, paid telecommunication or telemedia services to users who are unwilling or
unable to pay for the services.
In the case of a request from a member company to the DTP, only the results of the fraud suspicion test are sent to that member company.
Positive data can also be transmitted. This means that devices via which payments have been made often and in time receive a positive
rating. There is no storage of results for individual member companies except in the case of the above mentioned single request. The DTP
is operated by infoscore Profile Tracking GmbH (IPT), Kaistrasse 7, 40221 Düsseldorf, in its role as a data processor for the member
companies.
Your data will be automatically deleted after five months.
I hereby warrant that I am authorized to give this consent for all the terminals I use to visit this platform and that I will inform third
parties whom I allow to use my terminals of my consent and make sure that said third parties also consent to the above-described measures
or, if not, that they refrain from visiting the platform on my terminals.
The platform has commissioned infoscore Tracking Solutions GmbH, Kaistrasse 7, 40221 Düsseldorf, to carry out the fraud prevention and
fraud detection as the outsourced data controller in accordance with Art. 28 DSGVO.
Recipients of the data are exclusively contractual partners of the platform. In this case, the recipients are infoscore Tracking Solutions
GmbH, Kaistrasse 7, 40221 Düsseldorf, infoscore Profile Tracking GmbH, Kaistrasse 7, 40221 Düsseldorf, infoscore Tracking Technology GmbH,
Kaistrasse 7, 40221 Düsseldorf and data center service providers who were commissioned to store the data.
The provision of personal data is required for the conclusion of a contract. If the data is not provided, the platform reserves the right
to interrupt the purchase process.
If, for an order, there is a suspicion of fraud or misuse, an employee of the platform checks the evaluation and the underlying
evidence.
If my order is not authorized, I will be told so. Upon request, I will be informed of the main reasons for the decision. I will then be
given an opportunity to express my point of view here: support@visit-x.net at which point an employee will reconsider the decision.
Every person concerned has the right of disclosure pursuant to Art. 15 DSGVO, the right of correction pursuant to Art. 16 DSGVO, the right
of deletion pursuant to Art. 17 DSGVO, the right of limitation of processing pursuant to Art. 18 DSGVO and the right of data transmission
pursuant to Art. 20 DSGVO vis-à-vis the platform.
In addition, it is possible to contact the supervisory authority responsible for the platform.
If you want to know which personal data we have stored about you and to whom we have transmitted which data, we will be happy to inform
you of this in the form of a – free of charge - self-disclosure letter. We ask for your understanding that for data protection reasons we
are not allowed to give any information by telephone, as an unambiguous identification of your person over the phone is not possible. In
order to avoid misuse by third parties, we require the following information from you:
• surname (birth name if applicable), first name(s)
• date of birth
• Current address (street, house number, postcode and city)
If you (voluntarily) enclose a copy of your ID card (front and back), you make it easier to identify yourself and thus avoid possible
further inquiries.

Revocation
I can revoke the above mentioned consent at any time with future effect by giving the platform informal notice of my revocation by e-mail
at datenschutzbeauftragter@visit-x.net.

For card payments (direct debit/girocard/credit cards) we work with Concardis GmbH (Concardis), Helfmann Park 7, D-65760 Eschborn,
represented by its managing directors Mark Freese, Jens Mahlke and Luca Zanotti. In this context, card data are transferred to the
above company in addition to the purchase amount and date. All payment data, as well as data on any chargebacks, are only stored for
as long as necessary to process the payment (including processing of any chargebacks and collection of the receivable) and to combat
fraud. Data are generally deleted no later than 13 months after collection. Data may be stored for longer if and for as long
as necessary to comply with statutory regulations or to prosecute a concrete case of fraud. The legal basis for data processing is
Art. 6 para. 1 f) General Data Protection Regulation. You can request information about your data, ask for it to be rectified or
deleted and for processing to be restricted and/or you can withhold your consent to the processing of your data. If you have any
questions about data processing by Concardis or to exercise your aforementioned rights, you can write to the data protection officer
at the address provided above or by email
to datenschutzbeauftragter@visit-x.net.
Furthermore, you have the right to complain to
a supervisory authority (in Germany to the state data protection officer). You are advised that you have no statutory or contractual
obligation to provide your payment data. If you do not wish to provide your payment data you can choose another
payment method (e.g. cash).

XIV. Rights of data subject

You have the right:
• pursuant to Article 15 GDPR, to request information on your personal data processed by us. In particular, you may request
information on the processing purposes, the category of the personal data, the categories of recipients to whom your data were or
are disclosed, the period for which the personal data will be stored, the existence of a right to rectification, erasure, restriction
of processing or objection, the existence of a right to lodge a complaint, the source of your data if these have not been collected
from us, and on the existence of automated decision-making including profiling and if applicable meaningful information on the details
thereof;
• pursuant to Article 16 GDPR, to request without undue delay the rectification of inaccurate personal data or the completion of
your personal data stored with us;
• pursuant to Article 17 GDPR, to request the erasure of your personal data stored with us unless the processing is necessary
for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
• pursuant to Article 18 GDPR, to request the restriction of your personal data where the accuracy of the data is contested by you,
the processing is unlawful but you oppose the erasure of such data and we no longer need the data but you require the same for
the establishment, exercise or defence of legal claims, or you have objected to processing pursuant to Article 21 GDPR;
• pursuant to Article 20 GDPR, to receive your personal data which you have provided to us in a structured, commonly used
and machine-readable format or to request transmission of such data to another controller;
• pursuant to Article 7(3) GDPR, to withdraw from us the consent given by you at any time. The consequence of this is that we will
no longer be allowed to continue the data processing that was based on such consent for the future, and
• pursuant to Article 77 GDPR, to lodge a complaint with a supervisory authority. For this purpose you may as a rule turn to the
supervisory authority of your habitual residence or of your place of work or of our corporate seat.

XV. Right of withdrawal

You may object to the processing of data for legitimate interests pursuant to Article 6(1)(f) GDPR if reasons arise from your
particular situation arguing against such data processing. Such objection must be directed to our Data Protection Officer by post
at the above address of the controller adding the suffix “Data Protection Officer” or
by e-mail at datenschutzbeauftragter@visit-x.net.

XVI. Amendment of this Privacy Policy

The further development of our website and offerings relating to the same, or changes in legal requirements or those of
public authorities, may make it necessary to amend this Privacy Policy. The current Privacy Policy or previously valid Privacy
Policies may be accessed by you on this website at any time and printed out.